[LARTC] iptables mark & iproute related !

Linux Advanced Routing and Traffic Control


 



hi,

Stef Coene wrote:

> On Thursday 03 January 2002 15:17, Arindam Haldar wrote:
>>hi
>>i did those tests & as i said in my last mail there is traffic passing thru
>>ir bytes counter r increasing but the tc command doesn't show any
>>restriction. seems like marked pkts r not going thru the iproute
>>
> Sorry, you wrote too encrypted for me to understand everything ;-)
> If I understand correctly, everything works if you use CBQ & SFQ, but the fw 
> filter is not working like it should be ? 

YES !!! .. UR ABSOLUTELY RIGHT !!!! :-)

> 
>>any suggestions ??
>>
> Can you post the scripts you are using so I can try them myself ?
> 
> Stef
> 
THIS IS MY TRUNCATED SCRIPT(MARK RELATED) !


iptables -A INPUT -i eth4 -s 192.168.1.1 -j ACCEPT

iptables -A FORWARD -o eth0 -s 192.168.1.1 -j ACCEPT
iptables -A PREROUTING -t nat -i eth4 -p 6 --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d a.b.c.d -j MARK --set-mark 55
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d ! a.b.c.d -j MARK --set-mark  51
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.1 -j MASQUERADE


iptables -A PREROUTING -t nat -i eth0 -d 192.168.1.1 -s a.b.c.d -j MARK --set-mark 56
iptables -A PREROUTING -t mangle -i eth0 -d 192.168.1.1 -s ! a.b.c.d -j MARK --set-mark 52

###--32kbps for x-LAN
tc class add dev eth4  parent 5:1 classid 5:191 est 2sec 10sec cbq bandwidth 512Kbit rate 32Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:191 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 51 fw flowid 5:191
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 52 fw flowid 5:191
###--128 for LAN
tc class add dev eth4  parent 5:1 classid 5:192 est 2sec 10sec cbq bandwidth 512Kbit rate 128Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:192 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 55 fw flowid 5:192
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 56 fw flowid 5:192

similar for eth0 too !!
thanx in anticipation

arindam haldar



